Log in

How can we help?

  1. Atera Support
  2. Atera MSP
  3. Professional Services Automation (PSA)
MSP
IT Department
Help Center

    Enable single sign-on (SSO) with your Identity Provider

    Simplify password management, improve security, and log in seamlessly with an Identity Provider (IdP). This article describes setting up your IdP and enabling SSO as your authentication protocol when logging into Atera.

    For information on enabling SSO via Microsoft Azure AD, see Single sign-on with Microsoft Azure AD

    Note: Single sign-on with your IdP is available to Atera Enterprise plan subscribers.

    Note: Single sign-on with your IdP is available to Atera Superpower plan subscribers.

     

    Before enabling SSO in Atera

    Before enabling SSO in Atera, you'll need to:

    • Create an OIDC connection.
    • Register Atera in your IdP.
    • Create user accounts within your IdP.
    • Assign Atera to users within your IdP.

    We'll provide a comprehensive explanation of these processes, using Okta as our IdP example.

     

    Create an Okta account

    All account users need to download the Okta Verify app from the App Store (iPhone and iPad) or Google Play (Android devices).

    To sign up to Okta:

    1. Go to Okta

    2. Enter your first name, last name, email, phone number, and country/region.

    Okta_sign_up.jpg

    3. Convince our silicon overlords you're not one of them by checking I'm not a robot and then playing I spy with my little eye... (usually a bike part or a dog).

    4. After passing the Voight-Kampff test, click Get started. An activation email is sent to your email address.

    activation_email.jpg

    5. Open it and click Activate Okta Account. You are redirected to Okta.

    6. Complete the signup.

     

    Register Atera in Okta

    To register Atera in Okta: 

    1. Log in to Okta

    Click_Admin.jpg

    2. Click Admin (top-right corner). 

    Applications___Application___Create_App_Integration.jpg

    3. From the Applications dropdown, select Applications. Then click Create App Integration.

    4. For the Sign-in method, select OIDC - OpenID Connect.

    Create_a_new_app_integration.jpg

    5. For the Application type, select Web application. Then click Next.

    6. Enter the General Settings for your new app integration:

    • App integration name: Enter your app integration name (e.g., Atera).
    • Sign-in redirect URI: Enter this Auth0 tenant information callback URL:
      • https://auth.atera.com/login/callback
    • Assignments: Select your preferred controlled access option.

    General_Settings.jpg

    7. Click Save.

    You've integrated Atera into your IdP successfully.
    Note: When activating SSO in Atera, you'll need to provide the Domain name(s), Issuer URI, Client ID, and Client Secret.

     

    Create a user

    Note:

    • You cannot assign Atera to the first user account that was set up during the initialization of your IdP account. 
    • Please ensure that the user name (including domain), first name, and last name align with the user's credentials within Atera. Otherwise, the connection will fail.

    To create a user:

    1. Go to Directory > People > Add person.

    Directory___People___Add_person.jpg

    The Add Person window appears.

    Add_person_window.jpg

    2. Fill out the user details.
    Note: The username is the email the user will enter to sign in.

    3. Click Save.

    4. Inform the user so that they can sign in via an activation email. The user will appear on the People page.

    New_user_added.jpg

     

    Assign Atera to a user

    Note: You cannot assign the first user account that was set up during the initialization of your IdP account. To create another user, see Create a user

    To assign Atera to a user:

    1. Go to Directory > People.

    People.jpg

    2. Select the user. 

    3. Click Assign Applications

    4. Click Assign.

    5. Fill out the user information. Then click Save and Go Back.

    6. Click Done. The application (Atera) is assigned to the user.

    User_assigned.jpg

     

    Copy Client ID and Client Secret

    To copy your Client ID and Client Secret:

    1. Go to Applications > Applications > [App name] (e.g., Atera).

    Applications___Application___Atera.jpg

    The application page appears.

    Client_ID_and_Client_Secret.jpg

    2. Click the copy to clipboard icon (copy_to_clipboard_icon.jpg) to copy your Client ID and Client Secret.

    3. Copy and paste these into their respective fields when setting up your SSO authentication (see Activate SSO in Atera).

     

    Activate SSO in Atera

    Note:

    • Full admin permissions are required to activate SSO.
    • Activating SSO will disable 2FA for all users on the account.

    To activate single sign-on for your account:

    1. From Admin (on the sidebar), click Security and Authentication.

    The Security and Authentication page appears.

    Security_and_Authentication_page_-_EN.jpg

    2. Click the Authentication dropdown icon (dropdown_icon.jpg).

    SSO_authentication_radio_button_-_EN.jpg

    3. Select the Single sign-on (SSO) radio button.

    Enter OIDC details - EN.jpg

    4. Select OpenID Connect (OIDC) from the SSO protocol dropdown menu.

    5. Enter your OIDC details:

    • Domain names: Include the domain name(s) (i.e., "[YOUR_DOMAIN]".com ). 
      Note:
      • Replace "[YOUR_DOMAIN]" with your company or IdP domain.
      • When entering multiple domains, use a comma to separate them.
    • Issuer URI: "https://[YOUR_DOMAIN].okta.com/.well-known/openid-configuration"
      Note: Replace "[YOUR_DOMAIN]" with your domain and ensure the URI doesn't contain "admin".
    • Client ID: The confidential identifier that the IdP assigns to your application to recognize it during the authentication process. Get Client ID
    • Client Secret: The confidential key held by the application — used in conjunction with the client ID — to authenticate the application with the Identity Provider (IdP) during secure transactions. Get Client Secret
    • Redirect URL: "https://auth.atera.com/login/callback"

    6. Click Save.

    SSO is enabled for your account.

     

    Sign in with SSO

    Once you've registered Atera in Okta, added users, assigned Atera to your users, and enabled SSO in Atera, it's time for you and your colleagues to experience the magic of SSO.

    To sign in to Atera via SSO:

    1. Log in to Atera

    2. Enter your email address. Then click Continue. You are redirected to Okta.

    3. Enter your username (email). Then click Next.

    4. Enter your password. Then click Verify.

    5. Under Okta Verify, click Set up. And get your phone ready!

    Set_up_Okta_Verify.jpg

    6. Follow the on-screen instructions.

     

    Deactivate SSO in Atera

    Two-factor authentication is enabled by default. If you've enabled SSO, and you'd like to return to two-factor authentication, you can remove your SSO connection.
    Note:

    • Full admin permissions are required to deactivate SSO.
    • Removing your SSO connection will delete all related information from Atera (Domain name(s), Issuer URI, Client ID, and Client Secret).

    To deactivate SSO:

    1. From Admin (on the sidebar), click Security and Authentication.

    The Security and Authentication page appears.

    Security_and_Authentication_page_-_EN.jpg

    2. Click the Authentication dropdown icon (dropdown_icon.jpg).

    3. Select the Two-factor authentication (2FA) radio button. A confirmation window appears. 

    4. Click Enable authentication app.

    Two-factor authentication is enabled for all users on your account.

     

     

     

    Still have a question? Contact us
    Julian Kudo

    Related articles